ReverbNation, which offers online career management and marketing tools to more than 3.8m artists, has admitted becoming the victim of a serious data breach.
According to an email sent to members this week, ReverbNation was ‘recently contacted by law enforcement and alerted that an individual had illegally sought to gain unauthorised access to some of our customer’s user data’.
[UPDATE: A ReverbNation spokesperson has clarified that only users who created an account prior to May 1, 2014 may have been affected. They further explained that a ‘reputable vendor’s system’ on which the company uses to store information was accessed, and as a result of this access, a backup of a ReverbNation database was subsequently accessed. While the intrusion into the vendor’s system occurred some time ago, ReverbNation was only recently notified of the intrusion.]
In January 2014, the perpetrator, who has since been identified and charged, illegally accessed a ReverbNation vendor’s computer systems and gained unauthorised access to user information contained in a backup of our database.
“We take data very seriously… We apologise for the inconvenience.”
Michael Doernberg, Reverbnation
Although no credit card data was accessed, the US company says that “some user information included in the database such as e-mail addresses and encrypted passwords, and possibly other user information users provided to us, such as names, addresses, phone numbers, and/or dates of birth may have been accessed”.
ReverbNation CEO Michael Doernberg said that the company “takes data security very seriously and we have taken steps to further secure our system against any such breach”.
ReverbNation members are now being encouraged to change the password to their accounts as soon as possible.
Added Doernberg: “Thank you for your attention and we appreciate your assistance in securing your personal information. If you have any further questions, please contact us via e-mail us at firstname.lastname@example.org.
“We apologise for the inconvenience. We thank you for being part of the ReverbNation community, and we appreciate the continued opportunity to serve you.”
UPDATE: In a statement given to MBW, ReverbNation said:
“ReverbNation notified certain affected users that it has been alerted by law enforcement that an individual, who has been identified and charged, illegally accessed a ReverbNation vendor’s computer system which permitted the individual to access a backup of the company’s database on a separate cloud storage facility, ultimately allowing the individual to gain unauthorized access to a limited subset of user information in approximately January of 2014.
“This information pertains to users who created a site account prior to May 1, 2014. In an abundance of caution, ReverbNation is recommending that all affected users who created a site account prior to May 1, 2014, and who received notification from ReverbNation (either via U.S. Mail or email), change their site passwords and passwords on any other platform which share their ReverbNation password immediately.
“Because ReverbNation does not store credit card information, no payment information was accessed. As of this time, we are not aware that any user has suffered any loss as a result of this incident.
“ReverbNation has continued its ever present efforts to bolster its security measures to ensure that user information is properly protected. If individual users have questions, they should contact the company directly at email@example.com“Music Business Worldwide